PfSense 2.1 build 20130911-1816 - Directory Traversal

Russian
Log in to reply
  • P

    копипаста  http://ru.1337day.com/exploit/21827
    <authenticated users="" with="" only="" permission="" to="" access="" some="" packages="" in="" web="" gui<br="">(a.k.a. webConfigurator) will be able to escalate themselves to other
    privileged admin by reading /conf/config.xml file through bugs (i.e. Snort
    LFI), result in fully compromise the pfSense.

    This attack abuse the user privilege scheme with some of official packages
    (System > Package Manager)

    • Session Hijacking also possible to steal less privileged user sessions to
      perform this trick  due to "http" admin by default webConfigurator.></authenticated>
    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy